Module 18 (Privllege Escalation)
How to escalate your privleges?
Manual Enumeration
Enumeration Users
whoami - id - net user (win)
Enumeration Hostname
Hostname
Systeminfo
uname -a and /etc/issue, /etc/*-releaseh
Enumeration Running Procceses and services
tasklist /svc => Windows
ps aux => linux
Enumeration Network
open ports
#linux
route
ifconfig - ip a
/sbin/route
netstat -ano
netstat -anp
ss -anp
#windows
ipconfig
netstat -ano
netstat -anp
Enumeration Firewall Status and Reules
netsh advfirewall show currentprofile
netsh advfirewall firewall show rule name=all
Enumeration scheduled Tasks
schtasks /query /fo LIST /v
ls -lah /etc/cron*
/bin/sh -p
Enumeration installed applicatins and Patch levels
wmic product get name, version. vendor
wmic qfe get Caption, Description, HotFixID, installedOn
dpkg -l
windows
Get-ChildItem "C:\Program Files" -R ecurse | Get-ACL | ?{$_.AccessToString -match "Everyone\sAllow\s\sModify"}
Linux
find / -writable -type d 2>/dev/null
Enumeration Readable/Writable Files and Directories
Enumeration Unmounted Disks
#sindows
mountvol
#linux
mount
Enumeration Device Drivers and Kerenl Modules
driverquery.exe /v /fo csv | ConvertFrom-CSV | Select-Object ‘Display Name’, ‘Start Mode’, Path
Get-WmiObject Win32_PnPSignedDriver | Select-Object DeviceName, DriverVersion, Manufacturer | Where-Object {$_.DeviceName -like "*VMware*"}
Linux
lsmod
/sbin/modinfo <modualinfo>
Last updated